Secure Networking for
Building Automation Systems (BAS)

Protect your critical operations without costly and cumbersome internal firewalls and VPNs

A modern airgap to micro-segment BAS across any network transport without fork lift infrastructure upgrades or specialized skills

50% Lower CapEx and 
OpEx through BAS 
network simplification

Time

Connect and revoke BAS 
97% faster, with little to
no network changes

Segmentation

90% Reduced attack
surface through cloaking,
and micro-segmentation

Customer Innovation



Smart buildings

Penn State University improved security by segmenting their BACnet systems for over 640 buildings



How they did it →

"In less than 20 minutes we deployed our first cloaked overlay network without having to modify systems."




Tom Walker,
Facility Automation Services,
Penn State University

Segmentation alternatives for BAS 
systems are complex and costly

line

Connecting modern and legacy BAS (including HVAC, lighting, water, elevators, and more) helps you achieve greater cost-efficiencies through centralized control and monitoring. However, securely connecting and segmenting buildings in geographically distributed areas across separate and often shared networks is significantly complex and costly. 

This complexity forces organizations 
to deal with issues such as: 

Increased organizational risk from lack of segmentation and isolation 

Decreased building efficiency from lack of centralized data collection

Decreased network performance and up-time due to broadcast storms

Traditional IT solutions are not the answer. Technologies such as firewalls, VPNs, ACLs, and VLANs were not designed for energy environments. They require significant time and expertise to deploy and manage, yet still remain vulnerable to breach due to insufficient security and segmentation.

We have a better solution that solves these challenges.

Customer Interview

"It's very user intuitive. We were able to put the solution together right out of the box without any engineering to start with" - Tom Walker, Penn State University.

How they did it →

 

Simple, secure, and segmented
smart building networks

line

We deliver peer-to-peer encrypted networks that make it simple to connect and micro-segment BAS across separate buildings and networks, with little to no change to existing infrastructure. 

With a simple plug-and-play deployment model, you can now easily and quickly integrate systems across the LAN and WAN, without heavy IT involvement. We enable you to reduce costs through improved efficiency and predictive maintenance with BACnet traffic isolation and centralized control of distributed buildings.

Strong Security

Easily isolate and micro-segment BAS networks off the corporate network

Time

Lower Operational Costs

Securely connect previously separate systems for better business intelligence and improved building efficiency 

Segmentation

Better Network Performance

Improve network availability and performance by eliminating broadcast storms 

Deployment: no specialized skills needed

line

Most customers will deploy hardware such as the Airwall 150 in front of buildings in order to cloak and segment the building control systems. Some are even moving towards granular segmentation of systems within the building using the smaller, more cost-effective Airwall 75.

The Airwall relay is the world's first identity-based router that connects systems and buildings across separate networks, and can be deployed on-premises or in the cloud. The Airwall Conductor is the orchestration engine that manages policy for all distributed Airwall Services (Airwall appliances, Airwall servers, and Airwall clients), delivering simple control of the network.

A Simplified Network Diagram
Logical Segmentation

The Airwall Conductor delivers simple and 
centralized network control 


Eliminate the complex and manual configurations associated with traditional IT solutions through simple point-and-click policy orchestration. Create, deploy, and disconnect overlay networks in seconds, with little to no change to existing network infrastructure.

Setting Policy Image
Setting Policy

Policy Orchestration That’s Point-and-Click Simple

Easily create isolated network segments and configure policy using the radio buttons. This simple process replaces the multiple steps of security and network configurations (using network addresses, ports, certificates, ACLs, and VLANs, and more) typically required by IT staff.

Visualizing Policy

Verify overlay network configuration and compliance quickly and easily

The Visual Trust Map allows you to immediately validate communication policy between protected machines, as well as their Airwall services. With greater control of your network, showing segmentation for regulatory compliance reporting and security audits becomes quick and easy.

Visualizing Policy Image
Education Guide

5 Common Micro-Segmentation
Mistakes Guide

Start your
micro-segmentation project on the right foot

Customer Use Case

Smart Buildings

Learn how Penn State
University securely connected and isolated 640 buildings

Customer Use Case

IIoT Microsegmentation
at Sea

Learn how one of the world’s largest cruise lines connected and secured its entire fleet’s maritime systems